7/23/2021
02:50 PM
Tanner Johnson
Commentary
Biden Administration Responds to Geopolitical Cyber Threats

In response to growing concerns regarding the recent uptick in large-scale, nation-state-backed ransomware attacks on critical infrastructure, the Biden administration is taking new action to tackle the evolving challenges posed by ransomware attacks.

When considering the cybersecurity CIA triad of confidentiality, integrity, and availability, each component is essential to the secure operation of every organization. 

However, when the consistent and reliable availability of necessary data is lost as a result of a ransomware incident, it is perhaps the most crippling of the three. Denial of access to data can cripple operations and bring everything to a grinding halt. To add insult to injury, the absolute urgency and panic that system denial creates in victims only exacerbates the challenge of responding to a ransomware attack.

Adversaries now commonly use ransomware to quickly and efficiently steal victims' access to valuable data. The ransomware "industry" has matured in several ways: through the anonymity granted by the Internet and digital currency, combined with the low-risk/high-reward mechanics of ransoming a victim's files, plus the evolution and increasing monetization of ransomware-as-a-service (RaaS). All "flavors" of customizable ransomware toolkits can be found for sale on the Dark Web. While already a troubling concept to consider, such offerings have facilitated the fast and massive global proliferation of ransomware toolkits.

Task Force Takes All-Hands-on-Deck Approach
As a result of the growth and development of sophisticated, technically knowledgeable, well-funded, and often nation-state-backed ransomware gangs, developing and deploying any lasting and comprehensive countermeasures will require a herculean effort. 

Given the increased frequency of the attacks, combined with the severity of consequences that stem from a successful strike, no single entity can possibly hope to coordinate such a large-scale disruption of these ransomware campaigns alone. A truly extensive response requirement will demand international cooperation from government organizations, private entities, and defense agencies worldwide.

In light of the significant national security implications surrounding repeated ransomware strikes against critical infrastructure, the Biden administration recently announced plans for the deployment of a cross-government ransomware task force. This task force, composed of an interagency group of senior security officials, will help to further facilitate defensive capabilities to protect against attacks by promoting data security resilience among critical infrastructure entities. 

The task force will seek to coordinate with US allies to direct any offensive responses against evolving attack campaigns, while simultaneously working to disrupt ransom payments proffered on various cryptocurrency platforms.

Additionally, the US Department of Justice announced plans to elevate ransomware investigations to the same level of priority as terrorist attacks, granting greater access to government resources to assist in mitigation efforts.

Administration officials are increasingly concerned now that ransomware attacks frequently exploit various supply chain vulnerabilities as a preferred method of compromise. Attacks such as these target popular software solutions to reach a larger pool of potential victims. Challenges surrounding these supply chain attacks plague government agencies and private sector companies alike. While many organizations are still recovering from the SolarWinds breach that occurred at the end of 2020, the recent ransomware strike against popular vendor Kaseya shows that such threats are likely to continue in the absence of a coordinated response.

Security Concerns Spark Geopolitical Tensions
Many recent ransomware attacks are believed to have originated in countries that are adversarial to the US. This poses additional challenges. The very clandestine nature of the attacks, in addition to the anonymity surrounding payment, makes any kind of accountability difficult to impose. For example, the FBI claimed that the culprits of the Colonial Pipeline attack, a ransomware network known as DarkSide, are based in Russia and are operating with Russian President Vladimir Putin's full knowledge. As expected, Putin has dismissed accusations against Moscow as unfounded. However, several US government officials have commented that even as Putin is more than likely completely aware of the criminal activity stemming from within his country's borders, these gangs are so autonomous that Putin himself may be powerless to truly disrupt them.

Furthermore, the Biden administration has also accused the Chinese government of helping to facilitate various cyberattacks including ransomware, extortion, theft, and even crypto-jacking. The administration alleges that China’s Ministry of State Security (MSS) was also responsible for an attack on Microsoft's Exchange email server earlier this year that compromised more than 30,000 organizations that rely on this service to facilitate daily operations. The Department of Justice has gone one step further with China, and has officially charged four Chinese nationals with illicit computer network exploitation activities, as part of a Chinese advanced persistent threat (APT) group known as APT40.

However, there are growing concerns regarding any kind of official US retaliation against either Russia or China. Officials have expressed considerable concern regarding any form of cyber standoff that may manifest between the US and an adversarial leader or nation. There are considerable fears that any kind of retaliatory action from the US could further escalate into even more orchestrated attacks against the US, its interests, and its allies.

Only time will tell if the geopolitical posturing between these superpowers will result in a digital détente.

Tanner Johnson is a cybersecurity analyst focused on IoT and transformative technologies at Omdia. His coverage is focused on examining the various threats that occupy the IoT technology domain, as well as opportunities and strategies that are emerging as data connectivity ...
 
